hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Trust self signed strategy does not.
Date Sat, 26 Aug 2017 09:39:33 GMT
On Fri, 2017-08-25 at 10:55 -0600, Gary Gregory wrote:
> Hi All,
> 
> I just saw a case at work where we have a server that dishes out a
> cert
> chain with three certificates, one of which is self signed. Our trust
> self
> signed strategy just checks that the chain length is 1.
> 
> I am not familiar enough with the cert chain guts to know if there is
> a
> better way to do this.
> 
> Gary

Gary


My understanding that a self-signed certificate is the one that has
been only signed by itself and therefore its cert chain consists of one
 cert only - itself. 

As far as I understand all root CA certs are effectively self signed.
So, there is always a self-signed cert at the end of the cert chain.

Oleg 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message